A Formal Analysis of Karn’s Algorithm
Authors: 
Max von Hippel, Kenneth L. McMillan, Cristina Nita-Rotaru, Lenore D. ZuckAuthors Info & Claims
Max von Hippel, Kenneth L. McMillan, Cristina Nita-Rotaru, Lenore D. ZuckAuthors Info & ClaimsPages 43 - 61
Abstract
The stability of the Internet relies on timeouts. The timeout value, known as the Retransmission TimeOut (RTO), is constantly updated, based on sampling the Round Trip Time (RTT) of each packet as measured by its sender – that is, the time between when the sender transmits a packet and receives a corresponding acknowledgement. Many of the Internet protocols compute those samples via the same sampling mechanism, known as Karn’s Algorithm.
We present a formal description of the algorithm, and study its properties. We prove the computed samples reflect the RTT of some packets, but it is not always possible to determine which. We then study some of the properties of RTO computations as described in the commonly used RFC6298. All properties are mechanically verified.
References
[1]
Abdou A, Matrawy A, and van Oorschot PC Accurate one-way delay estimation with reduced client trustworthiness IEEE Commun. Lett. 2015 19 5 735-738
[2]
Aboba, B., Wood, J.: Authentication, authorization and accounting (AAA) transport profile, June 2003. https://www.rfc-editor.org/rfc/rfc3539. Accessed 21 Mar 2023
[3]
Adamson, B., Bormann, C., Handley, M., Macker, J.: Negative-acknowledgment (NACK)-oriented reliable multicast (NORM) building blocks, November 2004. https://www.rfc-editor.org/rfc/rfc3941. Accessed 17 Mar 2023
[4]
Afek Y, Attiya H, Fekete A, Fischer M, Lynch N, Mansour Y, Wang DW, and Zuck L Reliable communication over unreliable channels J. ACM (JACM) 1994 41 6 1267-1297
[5]
Allman, M., Paxson, V., Blanton, E.: TCP congestion control, September 2009. https://www.rfc-editor.org/rfc/rfc5681. Accessed 23 Feb 2023
[6]
Arun, V., Alizadeh, M., Balakrishnan, H.: Starvation in end-to-end congestion control. In: Proceedings of the ACM SIGCOMM 2022 Conference, pp. 177–192 (2022)
[7]
Arun, V., Arashloo, M.T., Saeed, A., Alizadeh, M., Balakrishnan, H.: Toward formally verifying congestion control behavior. In: SIGCOMM 2021 (2021)
[8]
Baccelli, F., Hong, D.: TCP is max-plus linear and what it tells us on its throughput. In: Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 219–230 (2000)
[9]
Balakrishnan, H., Seshan, S.: The congestion manager, June 2001. https://www.rfc-editor.org/rfc/rfc3124. Accessed 21 Mar 2023
[10]
Balandina, E., Koucheryavy, Y., Gurtov, A.: Computing the retransmission timeout in coap. In: Internet of Things, Smart Spaces, and Next Generation Networking: 13th International Conference, NEW2AN 2013 and 6th Conference, ruSMART 2013, St. Petersburg, Russia, August 28–30, 2013. Proceedings. pp. 352–362. Springer (2013)
[11]
Bensley, S., Thaler, D., Balasubramanian, P., Eggert, L., Judd, G.: Data Center TCP (DCTCP): TCP congestion control for data centers, October 2017. https://www.rfc-editor.org/rfc/rfc8257. Accessed 15 Mar 2023
[12]
Bishop, S., Fairbairn, M., Norrish, M., Sewell, P., Smith, M., Wansbrough, K.: Rigorous specification and conformance testing techniques for network protocols, as applied to TCP, UDP, and sockets. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 265–276 (2005)
[13]
Brakmo LS and Peterson LL TCP vegas: end to end congestion avoidance on a global internet IEEE J. Sel. Areas Commun. 1995 13 8 1465-1480
[14]
Camarillo, G., Drage, K., Kristensen, T., Ott, J., Eckel, C.: The Binary Floor Control Protocol (BFCP), January 2021. https://www.rfc-editor.org/rfc/rfc8855. Accessed 23 Feb 2023
[15]
Cardwell, N., et al.: packetdrill: scriptable network stack testing, from sockets to packets. In: 2013 USENIX Annual Technical Conference (USENIX ATC 13), pp. 213–218 (2013)
[16]
Chamarthi HR, Dillinger P, Manolios P, and Vroon D Abdulla PA and Leino KRM The ACL2 sedan theorem proving system Tools and Algorithms for the Construction and Analysis of Systems 2011 Heidelberg Springer 291-295
[17]
Cheng, Y., Cardwell, N., Dukkipati, N., Jha, P.: The RACK-TLP loss detection algorithm for TCP, February 2021. https://www.rfc-editor.org/rfc/rfc8985. Accessed 15 Mar 2023
[18]
Cluzel, G., Georgiou, K., Moy, Y., Zeller, C.: Layered formal verification of a TCP stack. In: 2021 IEEE Secure Development Conference (SecDev), pp. 86–93. IEEE (2021)
[19]
Dillinger PC, Manolios P, Vroon D, and Moore JS Acl2s:“the ACL2 sedan” Electron. Notes Theoretical Comput. Sci. 2007 174 2 3-18
[20]
Eggert, L., Fairhurst, G., Shepherd, G.: UDP usage guidelines, March 2017. https://www.rfc-editor.org/rfc/rfc8085. Accessed 23 Feb 2023
[21]
Gerla, M., Sanadidi, M.Y., Wang, R., Zanella, A., Casetti, C., Mascolo, S.: TCP Westwood: congestion window control using bandwidth estimation. In: GLOBECOM’01. IEEE Global Telecommunications Conference (Cat. No. 01CH37270), vol. 3, pp. 1698–1702. IEEE (2001)
[22]
Henderson, T., Floyd, S., Gurtov, A., Nishida, Y.: The NewReno modification to TCP’s fast recovery algorithm, April 2012. https://www.rfc-editor.org/rfc/rfc6582. Accessed 15 March 2023
[23]
Hespanha JP, Bohacek S, Obraczka K, and Lee J Di Benedetto MD and Sangiovanni-Vincentelli A Hybrid modeling of TCP congestion control Hybrid Systems: Computation and Control 2001 Heidelberg Springer 291-304
[24]
von Hippel M, Vick C, Tripakis S, and Nita-Rotaru C Casimiro A, Ortmeier F, Bitsch F, and Ferreira P Automated attacker synthesis for distributed protocols Computer Safety, Reliability, and Security 2020 Cham Springer 133-149
[25]
Hu, K., Liu, C., Liu, K.: Modeling and verification of custom TCP using SDL. In: 2013 IEEE 4th International Conference on Software Engineering and Service Science, pp. 455–458. IEEE (2013)
[26]
Hurtig, P., Brunstrom, A., Petlund, A., Welzl, M.: TCP and Stream Control Transmission Protocol (SCTP) RTO restart, February 2016. https://www.rfc-editor.org/rfc/rfc7765. Accessed 23 Feb 2023
[27]
Inamura, H., Montenegro, G., Ludwig, R., Gurtov, A., Khafizov, F.: TCP over second (2.5g) and third (3g) generation wireless networks, February 2007. https://www.rfc-editor.org/rfc/rfc3481. Accessed 21 Mar 2023
[28]
Iyengar, J., Swett, I.: QUIC loss detection and congestion control, May 2021. https://www.rfc-editor.org/rfc/rfc9002. Accessed 17 Mar 2023
[29]
Iyengar, J., Thomson, M.: QUIC: A UDP-Based Multiplexed and Secure Transport. RFC 9000, May 2021. https://www.rfc-editor.org/info/rfc9000
[30]
Jacobson V Congestion avoidance and control ACM SIGCOMM Comput. Commun. Rev. 1988 18 4 314-329
[31]
Jennings, C., Lowekamp, B., Rescorla, E., Baset, S., Schulzrinne, H.: REsource LOcation And Discovery (RELOAD) Base Protocol (2014). https://www.rfc-editor.org/rfc/rfc6940. Accessed 23 Feb 2023
[32]
Kakarla, S.K.R., Beckett, R., Millstein, T., Varghese, G.: SCALE: automatically finding RFC compliance bugs in DNS nameservers. In: 19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22), pp. 307–323. USENIX Association, Renton, WA, April 2022. https://www.usenix.org/conference/nsdi22/presentation/kakarla
[33]
Karn P and Partridge C Improving round-trip time estimates in reliable transport protocols ACM SIGCOMM Comput. Commun. Rev. 1987 17 5 2-7
[34]
Keranen, A., Holmberg, C., Rosenberg, J.: Interactive Connectivity Establishment (ICE): A protocol for Network Address Translator (NAT) traversal, July 2018. https://www.rfc-editor.org/rfc/rfc8445. Accessed 23 February 2023
[35]
Kesselman A and Mansour Y Lorenz P and Dini P Optimizing TCP retransmission timeout Networking - ICN 2005 2005 Heidelberg Springer 133-140
[36]
Kim, H., Hou, J.C.: Network calculus based simulation for TCP congestion control: theorems, implementation and evaluation. In: IEEE INFOCOM 2004, vol. 4, pp. 2844–2855. IEEE (2004)
[37]
Konur, S., Fisher, M.: Formal analysis of a VANET congestion control protocol through probabilistic verification. In: 2011 IEEE 73rd Vehicular Technology Conference (VTC Spring), pp. 1–5. IEEE (2011)
[38]
Le Boudec, J.Y., Thiran, P.: Network calculus: a theory of deterministic queuing systems for the internet. Springer (2001)
[39]
Liu, S., Başar, T., Srikant, R.: TCP-Illinois: a loss and delay-based congestion control algorithm for high-speed networks. In: Proceedings of the 1st International Conference on Performance Evaluation Methodolgies and Tools, pp. 55-es (2006)
[40]
Lockefeer L, Williams DM, and Fokkink W Formal specification and verification of tcp extended with the window scale option Sci. Comput. Program. 2016 118 3-23
[41]
Lomuscio A, Strulo B, Walker NG, and Wu P Model checking optimisation based congestion control algorithms Fund. Inform. 2010 102 1 77-96
[42]
Ludwig, R., Gurtov, A.: The Eifel response algorithm for TCP, February 2005. https://www.rfc-editor.org/rfc/rfc4015. Accessed 21 Mar 2023
[43]
Malik MH, Jamil M, Khan MN, and Malik MH Formal modelling of tcp congestion control mechanisms ecn/red and sap-law in the presence of udp traffic EURASIP J. Wirel. Commun. Netw. 2016 2016 1-12
[44]
Mascolo, S., Casetti, C., Gerla, M., Sanadidi, M.Y., Wang, R.: Tcp westwood: bandwidth estimation for enhanced transport over wireless links. In: Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, pp. 287–297 (2001)
[45]
Mathis M, Semke J, Mahdavi J, and Ott T The macroscopic behavior of the tcp congestion avoidance algorithm ACM SIGCOMM Comput. Commun. Rev. 1997 27 3 67-82
[46]
McMillan, K.L., Zuck, L.D.: Formal specification and testing of QUIC. In: Proceedings of the ACM Special Interest Group on Data Communication, pp. 227–240 (2019)
[47]
Okumura N, Ogata K, and Shinoda Y Formal analysis of RFC 8120 authentication protocol for http under different assumptions J. Inf. Secur. Appl. 2020 53
[48]
Pacheco, M.L., von Hippel, M., Weintraub, B., Goldwasser, D., Nita-Rotaru, C.: Automated attack synthesis by extracting finite state machines from protocol specification documents. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 51–68. IEEE (2022)
[49]
Paxson, V., Allman, M., Chu, J., Sargent, M.: Computing TCP’s retransmission timer, June 2011. https://www.rfc-editor.org/rfc/rfc6298. Accessed 22 Feb 2023
[50]
Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, D., Mahy, R., Matthews, P.: Session Traversal Utilities for NAT (STUN), February 2020. https://www.rfc-editor.org/rfc/rfc8489. Accessed 23 February 2023
[51]
Pothamsetty, V., Mateti, P.: A case for exploit-robust and attack-aware protocol RFCs. In: Proceedings 20th IEEE International Parallel and Distributed Processing Symposium (2006)
[52]
Schinazi, D., Pauly, T.: Happy eyeballs version 2: Better connectivity using concurrency, December 2017. https://www.rfc-editor.org/rfc/rfc8305. Accessed 23 Feb 2023
[53]
Shalunov, S., Hazel, G., Iyengar, J., Kuehlewind, M.: Low Extra Delay Background Transport (LEDBAT), December 2012. https://www.rfc-editor.org/rfc/rfc6817. Accessed 23 Feb 2023
[54]
Smith, M.A.S.: Formal verification of TCP and T/TCP. Ph.D. thesis, Massachusetts Institute of Technology (1997)
[55]
Sridharan, M., Tan, K., Bansal, D., Thaler, D.: Compound TCP: a new TCP congestion control for high-speed and long distance networks, November 2008. https://datatracker.ietf.org/doc/html/draft-sridharan-tcpm-ctcp-02. Accessed 15 Mar 2023
[56]
Srikant, R., Başar, T.: The mathematics of Internet congestion control. Springer (2004)
[57]
Stewart, R.: tream control transmission protocol, September 2007. https://www.rfc-editor.org/rfc/rfc4960. Accessed 23 Feb 2023
[58]
T. Henderson, A.G.: The Host Identity Protocol (HIP) Experiment Report, March 2012. https://www.rfc-editor.org/rfc/rfc6538. Accessed 23 Feb 2023
[59]
Tang, C., Chang, R.N., Ward, C.: Gocast: gossip-enhanced overlay multicast for fast and dependable group communication. In: 2005 International Conference on Dependable Systems and Networks (DSN 2005), pp. 140–149. IEEE (2005)
[60]
Taube, M., Losa, G., McMillan, K.L., Padon, O., Sagiv, M., Shoham, S., Wilcox, J.R., Woos, D.: Modularity for decidability of deductive verification with applications to distributed systems. In: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 662–677 (2018)
[61]
Thubert, P.: IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) selective fragment recovery, November 2020. https://www.rfc-editor.org/rfc/rfc8931. Accessed 23 Feb 2023
[62]
Yang, P.: tcp: fix F-RTO may not work correctly when receiving DSACK. https://lore.kernel.org/netdev/165116761177.10854.18409623100154256898.git-patchwork-notify@kernel.org/t/. Accessed 24 Mar 2023
[63]
Yen, J., Lévai, T., Ye, Q., Ren, X., Govindan, R., Raghavan, B.: Semi-automated protocol disambiguation and code generation. In: Proceedings of the 2021 ACM SIGCOMM 2021 Conference, pp. 272–286 (2021)
[64]
Zarchy, D., Mittal, R., Schapira, M., Shenker, S.: Axiomatizing congestion control. In: Proceedings of the ACM on Measurement and Analysis of Computing Systems, July 2019
Recommendations
A case for context-aware TCP/IP
This paper discusses the design and evaluation of CATNIP, a Context-Aware Transport/Network Internet Protocol for the Web. This integrated protocol uses application-layer knowledge (i.e., Web document size) to provide explicit context information to the ...
Migrating Sockets for networking with quality of service guarantees
ICNP '97: Proceedings of the 1997 International Conference on Network Protocols (ICNP '97)Migrating Sockets is the protocol processing component of an end system architecture designed for networking with QoS guarantees. The architecture provides: (1) adaptive rate-controlled scheduling of protocol threads in Migrating Sockets, (2) rate-based ...
IP multicast group management for point-to-point local distribution
We examine the applicability of existing IP multicast mechanisms for point-to-point links such as wired and wireless telephone lines. We identify problems such as overhead due to IGMP leave latency and unnecessary probing of hosts, both important issues ...
Comments
Information & Contributors
Information
Published In
May 2023
175 pages
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 07 July 2023
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 22 Sep 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in